Extract rfc8693 tokenexchange logic to a helper function

Signed-off-by: Ruben Vallejo <rvallejo@vmware.com>
backstage · Sep 12, 2023 · 8f45ee8 · 8f45ee8
1 parent fa10765
commit 8f45ee8
Showing 1 changed file with 20 additions and 9 deletions.
diff --git a/plugins/auth-backend-module-pinniped-provider/src/authenticator.ts b/plugins/auth-backend-module-pinniped-provider/src/authenticator.ts
@@ -92,18 +92,29 @@ export const pinnipedAuthenticator = createOAuthAuthenticator({
       ? decodeOAuthState(stateParam).audience
       : undefined;
 
+    const rfc8693TokenExchange = ({
+      subject_token,
+      target_audience,
+    }: {
+      subject_token: string;
+      target_audience: string;
+    }): Promise<TokenSet> => {
+      return client.grant({
+        grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
+        subject_token,
+        audience: target_audience,
+        subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
+        requested_token_type: 'urn:ietf:params:oauth:token-type:jwt',
+      });
+    };
+
     return new Promise((resolve, reject) => {
       strategy.success = user => {
         (audience
-          ? client
-              .grant({
-                grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
-                subject_token: user.tokenset.access_token,
-                audience,
-                subject_token_type:
-                  'urn:ietf:params:oauth:token-type:access_token',
-                requested_token_type: 'urn:ietf:params:oauth:token-type:jwt',
-              })
+          ? rfc8693TokenExchange({
+              subject_token: user.tokenset.access_token,
+              target_audience: audience,
+            })
               .then(tokenset => tokenset.access_token)
               .catch(err =>
                 reject(